Code & Driver Signing Certificates

Secure your code and earn your customers' trust

You've worked too hard to leave your code unprotected.

As an independent developer or programmer, your code is your reputation. If your release is hacked, infected, or altered in any way, customers won't trust you enough to give you a second chance. Protect yourself, your customers and your good name with the rock-solid security of a code or driver signing certificate.

Trust our code to protect yours.

Bad things can happen to your code when it’s distributed online. It can be hacked before it reaches the user, stolen by another developer, or just never get installed because the “Unidentified Publisher” warning scares off your customers. Fortunately, a GoDaddy Code or Driver Signing Certificate makes it easy to protect your code — and your customers — from these and other issues.

Both certificates:

Secure your software with the same industry-standard encryption used for SSL Certificates, making it impossible for others to alter your code.

Act as a digital ‘safety seal’ to show customers that your code has not been tampered with in any way.

Display your name or your company’s name, instead of “Unidentified Publisher,” during download and installation, so customers know you’re a legitimate developer.

Work with several types of files and languages, including .EXE, .CAB, .DLL, .OCX, Java, HTML, ActiveX, even Microsoft® Office Macros and any other file types that support digital signatures.

Include time-stamps so users know that your code went through the verification process, even if you allow the certificate to expire.

Driver signing:

Is required by Microsoft for all hardware drivers for Windows Vista or later. Customers will not be able to install your software unless it was signed with a driver signing certificate.

Is designed specifically to protect and validate hardware drivers developed for Microsoft operating systems, Windows Vista or later.

Is verified through both GoDaddy and Microsoft via cross-certificate validation, adding an extra level of security and assurance for your customers.

What is a code signing certificate?

With increasingly active content on the Internet, end users require a method of verifying the legitimacy of downloadable Web content.

Code signing is a digital signature placed on software and other executable files and scripts. Code signatures prove the identity of software authors and validates that the software hasn't been tampered with since its original distribution.

Code signs don't alter the software – it's just an added layer of assurance for your end users.

When software is purchased from a store, it's easy to tell who published the software – and if the package was tampered with. Unfortunately, these factors aren't as obvious when software is purchased online. As a result, end users take on a certain amount of risk when downloading Java applets, plugins, Microsoft®ActiveX® controls, and other executables over the Internet.

Code signing certificates help inspire the same level of trust in your software that customers would have if they purchased your software in a store.

Improve your software security with a digital signature. Inspire user confidence by authenticating the source and integrity of your code with a GoDaddy Code Signing Certificate.

Who needs a code signing certificate?

Online security vigilance is at an all-time high. Most Web users won't download software unless you can prove it's legitimate. Code signing certificates inspire confidence and give you the proof you need to validate your code.

Software developers can use code signing certificates to provide extra assurance to their customers about who produced the content and that it's not tampered with. Signed code also prevents unidentified third parties from altering the code before it's distributed.

Content publishers can digitally sign software components, macros, firmware images, virus updates, configuration files or other types of content for secure delivery over the Internet or other mechanisms.

Code signing is particularly important when the source of a given piece of code might not be obvious – for example Active X controls, Java applets, and other active Web scripting codes.

Most Web users understand the potential risks involved with downloading content from the Internet. It's important your end users can trust the code you publish on the Internet. Code signing certificates help confirm software security and assurance with your customers.

How does code signing work?

Newer operating systems and Internet browsers are often set to higher online security levels, which often require signed content. For example, Internet Explorer® uses Authenticode® technology to identify the publisher of signed software and verify that it hasn't been tampered with.

When a code signed file is downloaded from a website, the certificate is extracted from the file. The browser cross-checks this information with an internal list of certificate authorities, and then verifies the signature in the certificate.

If the signed software is tampered with in any way, the digital signature breaks and alerts customers that the code has been altered and is not trustworthy.

How does someone know they can trust my signature?

When someone attempts to download or run unsigned code, their browser attempts to validate the security of the downloaded content. A security warning pops up or the Web page content fails to load, depending on the browser security settings. These warnings create suspicion and confusion for the user.

Digitally signing code prevents unnecessary warning dialogues when end users attempt to run the signed application or executable file.

After I purchase a Code Signing Certificate, what do I need to do?

After you purchase a code signing certificate, you need to provide a certificate signing request (CSR) from the computer that is signing the code. Depending on the use of the certificate, you can create the CSR automatically, or you can use a tool like OpenSSL to generate the CSR.

After you submit your request, we verify the company information you supplied. The Registration Authority (RA) might contact you to provide additional information, if required. You can monitor the validation process through your account.

Once the code signing certificate is issued, we'll send you an email with a link to download and install the certificate file and any associated intermediate certificates.

You can even time-stamp your signature block using Authenticode to show the validity of your certificate at the time the code was signed.